Chinese Spies With Poor Grammar Tried Hacking NSA Historian

April 21, 2015 Updated: April 21, 2015

Over the last four months, hackers traced back to the Chinese regime have been trying to breach the computers of NSA historian Matthew Aid. He recently detected two attempted breaches, one on April 2 and another on April 11, which he documented Monday on his blog.

Exactly what the Chinese cyberspies were after is still unknown, but it’s fair to assume it has something to do with Aid’s work. Aside from researching intelligence activities of several major nations, he also regularly speaks with former intelligence agents.

Aid is a leading intelligence historian and expert on the NSA, and often speaks with the press on intelligence issues. He is also author of “Intel Wars: The Secret History of the Fight Against Terror” and “The Secret Sentry, the definitive history of the National Security Agency.”

Related Coverage
Chinese Spies With Poor Grammar Tried Hacking NSA HistorianHackers Breach 161 Chinese Government Websites, Leak 5,000 Accounts
Chinese Spies With Poor Grammar Tried Hacking NSA HistorianCyberattack From China Attack Computers in Taipei Mayor’s Office

“I have to hand it to these Chinese hackers,” Aid wrote on his blog. “They are very persistent but not very smart. I would have thought they would have learned their lesson back in December, but apparently these guys have a quota to meet and apparently they don’t care if they get caught.”

Aid did not immediately respond to a request for comment.

In December, Aid wrote that over a period of two weeks, “my computer has been under frequent attack by Chinese cyber spies operating from the city of Nanjing.” On Dec. 7, 2014, when he wrote about it, he said they “even tried to penetrate my computer as soon as I logged on this morning. They were waiting for me to wake up and go to work!”

He was able to trace all of the intrusion attempts to IP addresses located in “the same complex in Nanjing, China.” He notes that the attacks had stopped “almost immediately” when he first wrote about the attempts in December.

The Nanjing location is telling. Aid believes the cyberspies may be with the Nanjing Military Region’s Technical Reconnaissance Bureau, which is under the General Staff Department, Third Department, of the Chinese regime’s military. The Third Department runs the Chinese regime’s signals intelligence operations (SIGINT) and is the source of many of its military cyberattacks.

The Chinese cyberspies had tried tricking Aid with infected emails, which were forged to look like notices from his Internet Service Provider. This is a common practice for cyberspies, known as a spearphishing attack.

“The only problem,” Aid wrote, “was that the notices were so poorly done (my 11-year old niece has better graphic arts skills) and the grammar and syntax was so incredibly bad that they have proven to be a source of neverending amusement for friends and family.”

Follow Joshua on Twitter: @JoshJPhilipp